[v8-dev] Illegal opcode at address reported when process run out of memory

zaq178miami Thu, 22 Oct 2015 14:08:29 -0700

Hi, I'm embeding v8 and testing case when process runs out of memory, but 
simple example cause segfault and valgring reports "Illegal opcode at 
address" on v8::base::OS::Abort() call.


My question is whether I'm doing something wrong that causes process abrupt 
termination and makes valgring mad? What is an appropriate way to handle 
such situations like OutOfMemeory errors when embeddin v8?

test.js:
x = 'x';
var multiply = 26;

while (multiply-- > 0){
 x = ""+x+x;
 print(x.length, "\n");
}

var arr = [];

while (1) {
     arr.push(x);
}


Output:
2
4
8
16
32
64
128
256
512
1024
2048
4096
8192
16384
32768
65536
131072
262144
524288
1048576
2097152
4194304
8388608
16777216
33554432
67108864

<--- Last few GCs --->

    3842 ms: Scavenge 958.0 (995.3) -> 958.0 (995.3) MB, 0.1 / 0 ms (+ 0.8 
ms in 1 steps since last GC) [allocation failure] [incremental marking 
delaying mark-sweep].
    4078 ms: Mark-sweep 958.0 (995.3) -> 575.4 (612.8) MB, 235.7 / 0 ms (+ 
0.9 ms in 2 steps since start of marking, biggest step 0.8 ms) [last resort 
gc].
    4289 ms: Mark-sweep 575.4 (612.8) -> 575.4 (612.8) MB, 210.8 / 0 ms [
last resort gc].


<--- JS stacktrace --->

==== JS stack trace =========================================

Security context: 0x381ca7a469e1 <JS Object>
    2: /* anonymous */ [test.js:~1] [pc=0xdd87917a34d] (this=0x1f378a044619 
<JS Global Object>)

==== Details ================================================

[2]: /* anonymous */ [test.js:~1] [pc=0xdd87917a34d] (this=0x1f378a044619 <JS 
Global Object>) {
// optimized frame
--------- s o u r c e   c o d e ---------
\x0ax = 'x';\x0avar multiply = 26;\x0a\x0awhile (multiply-- > 0){\x0a x = ""
+x+x...



#
# Fatal error in , line 0
# API fatal error handler returned after process out of memory
#

==== C stack trace ===============================

 1: V8_Fatal
 2: v8::internal::V8::FatalProcessOutOfMemory(char const*, bool)
 3: v8::internal::Heap::AllocateUninitializedFixedArray(int)
 4: v8::internal::Factory::NewUninitializedFixedArray(int)
 5: 0x7f1628fb3752
 6: 0x7f1628fb362f
 7: v8::internal::Runtime_GrowArrayElements(int, v8::internal::Object**, v8
::internal::Isolate*)
 8: 0xdd879106298
Illegal instruction

Termsig=4

Valgring output:
==15035== Process terminating with default action of signal 4 (SIGILL)
==15035==  Illegal opcode at address 0xFC7A52F
==15035==    at 0xFC7A52F: v8::base::OS::Abort() (in /tmp/usr/lib/v8/lib/
libv8.so)
==15035==    by 0xFC78C1B: V8_Fatal (in /tmp/usr/lib/v8/lib/libv8.so)
==15035==    by 0xF76CACE: v8::internal::V8::FatalProcessOutOfMemory(char 
const*, bool) (in /tmp/usr/lib/v8/lib/libv8.so)
==15035==    by 0xF93C236: v8::internal::Heap::
AllocateUninitializedFixedArray(int) (in /tmp/usr/lib/v8/lib/libv8.so)
==15035==    by 0xF8FB29D: v8::internal::Factory::NewUninitializedFixedArray
(int) (in /tmp/usr/lib/v8/lib/libv8.so)
==15035==    by 0xF8E8751: v8::internal::(anonymous namespace)::
ElementsAccessorBase<v8::internal::(anonymous namespace)::
FastPackedObjectElementsAccessor, v8::internal::(anonymous namespace)::
ElementsKindTraits<(v8::internal::ElementsKind)2> >::
ConvertElementsWithCapacity(v8::internal::Handle<v8::internal::JSObject>, v8
::internal::Handle<v8::internal::FixedArrayBase>, v8::internal::ElementsKind
, unsigned int, unsigned int, unsigned int, int) (in /tmp/usr/lib/v8/lib/
libv8.so)
==15035==    by 0xF8E862E: v8::internal::(anonymous namespace)::
ElementsAccessorBase<v8::internal::(anonymous namespace)::
FastPackedObjectElementsAccessor, v8::internal::(anonymous namespace)::
ElementsKindTraits<(v8::internal::ElementsKind)2> >::
GrowCapacityAndConvertImpl(v8::internal::Handle<v8::internal::JSObject>, 
unsigned int) (in /tmp/usr/lib/v8/lib/libv8.so)
==15035==    by 0xFB1A1EB: v8::internal::Runtime_GrowArrayElements(int, v8::
internal::Object**, v8::internal::Isolate*) (in /tmp/usr/lib/v8/lib/libv8.so
)
==15035==    by 0x254416406297: ???
==15035==    by 0x254416406684: ???
==15035==    by 0x25441647A134: ???
==15035==    by 0x25441641A37A: ???
==15035==    by 0x254416418AC1: ???
==15035==    by 0xF8F5FEE: v8::internal::(anonymous namespace)::Invoke(v8::
internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::
internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::
internal::Object>*, v8::internal::Handle<v8::internal::Object>) (in /tmp/usr
/lib/v8/lib/libv8.so)
==15035==    by 0xF8F5C43: v8::internal::Execution::Call(v8::internal::
Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<
v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) (in 
/tmp/usr/lib/v8/lib/libv8.so)
==15035==    by 0xF76D13A: v8::Script::Run(v8::Local<v8::Context>) (in /tmp/
usr/lib/v8/lib/libv8.so)





-- 
-- 
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups 
"v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

[v8-dev] Illegal opcode at address reported when process run out of memory

Reply via email to